Legal claims defining the scope of protection, as filed with the USPTO.
1. A controller, comprising: an I/O interface configured to enable communication with the controller; and a management engine including key storage memory, the management engine configured to: retrieve a user key by applying a user key decryption algorithm to an encrypted user key received from a user application of an apparatus hosting the controller, create a management engine key by applying a management engine key creation algorithm to the user key, encrypt the management engine key by applying a management engine key encryption algorithm to the management engine key, send the encrypted management engine key to a remote server, retrieve a server key by applying a server key decryption algorithm to an encrypted server key received from the remote server, perform a hash combination of the user key, the management engine key, and the server key stored in the key storage memory, to create a super key, perform an authentication of the super key, and send a management engine certification to the user application in response to the super key being successfully authenticated.
2. The controller of claim 1, further comprising: a memory storage location to store at least a super key master value, wherein the super key is successfully authenticated when the hash combination value is equivalent to the super key master value.
3. The controller of claim 1, wherein the encrypted user key and the management engine certification are sent between the user application and the management engine via an out-of-band channel.
4. The controller of claim 1, wherein the management engine key and the encrypted server key are sent between the management engine and the remote server via an out-of-band channel.
5. The controller of claim 1, wherein the management engine key creation algorithm comprises a management engine cryptographic hash function, wherein the user key is input into the hash function and the management engine key is the resulting output of the hash function.
6. The controller of claim 1, further comprising: memory storage locations to store at least the user key, the management engine key, and the server key.
7. A system, comprising: a client device having a management engine, and a remote server wherein the management engine is configured to retrieve a user key by applying a user key decryption algorithm to an encrypted user key received from a user application, create a management engine key by applying a management engine key creation algorithm to the user key, encrypt the management engine key by applying a management engine key encryption algorithm to the management engine key, send the encrypted management engine key to a remote server, retrieve a server key by applying a server key decryption algorithm to an encrypted server key received from the remote server, perform a hash combination of the user key, the management engine key, and the server key to create a super key, perform an authentication of the super key, and send a management engine certification to the user application in response to the super key being successfully authenticated; and wherein the remote server is configured to receive the encrypted management engine key from the management engine, retrieve the management engine key by applying a management engine key decryption algorithm to the encrypted management engine key, create a server key by applying a server key creation algorithm to the management engine key, encrypt the server key by applying a server key encryption algorithm to the server key, and send the encrypted server key to the management engine.
8. The system of claim 7, wherein the management engine further comprises a memory storage location to store at least a super key master value, wherein the super key is successfully authenticated when the hash combination value is equivalent to the super key master value.
9. The system of claim 7, further comprising: an out-of-band channel to communicatively couple the management engine with the user application, wherein the encrypted user key and the management engine certification are sent between the user application and the management engine via the out-of-band channel.
10. The system of claim 7, further comprising: an out-of-band channel to communicatively couple the management engine with the remote server, wherein the management engine key and the encrypted server key are sent between the management engine and the remote server via an out-of-band channel.
11. The system of claim 7, wherein the management engine key creation algorithm comprises a management engine cryptographic hash function, wherein the user key is input into the hash function and the management engine key is the resulting output of the hash function.
12. The system of claim 7, wherein the server key creation algorithm comprises a server cryptographic hash function, wherein the management engine key is input into the hash function and the server key is the resulting output of the hash function.
13. A method, comprising: retrieving, using a computing device, a user key by applying a user key decryption algorithm to an encrypted user key received from a user application of the computing device; creating, using the computing device, a management engine key by applying a management engine key creation algorithm to the user key; encrypting, using the computing device, the management engine key by applying a management engine key encryption algorithm to the management engine key; sending, using the computing device, the encrypted management engine key to a remote server; retrieving, using the computing device, a server key by applying a server key decryption algorithm to an encrypted server key received from the remote server; performing, using the computing device, a hash combination of the user key, the management engine key, and the server key to create a super key; performing, using the computing device, an authentication of the super key; and sending, using the computing device, a management engine certification to the user application in response to the super key being successfully authenticated.
14. The method of claim 13, further comprising: storing at least a super key master value in a management engine, wherein the super key is successfully authenticated when the hash combination value is equivalent to the super key master value.
15. The method of claim 13, further comprising: sending the encrypted user key and the management engine certification between the user application and the management engine via an out-of-band channel.
16. The method of claim 13, further comprising: sending the management engine key and the encrypted server key between the management engine and the remote server via an out-of-band channel.
17. The method of claim 13, wherein the management engine key creation algorithm comprises a management engine cryptographic hash function, wherein the user key is input into the hash function and the management engine key is the resulting output of the hash function.
18. The method of claim 14, further comprising: storing the user key, the management engine key, and the server key in separate storage locations in the management engine.
19. A controller, comprising: an I/O interface configured to enable communication with the controller; and a management engine including key storage memory, the management engine configured to: receive a user key from a user application of an apparatus hosting the controller, create a management engine key by applying a management engine key creation algorithm to the user key, send the management engine key to a remote server, retrieve a server key from the remote server, perform a hash combination of the user key, the management engine key, and the server key stored in the key storage memory, to create a super key, perform an authentication of the super key, and send a management engine certification to the user application in response to the super key being successfully authenticated.
20. The controller of claim 19, further comprising: a memory storage location to store at least a super key master value, wherein the super key is successfully authenticated when the hash combination value is equivalent to the super key master value.
21. The controller of claim 19, wherein the user key and the management engine certification are sent between the user application and the management engine via an out-of-band channel.
22. The controller of claim 19, wherein the management engine key and the server key are sent between the management engine and the remote server via an out-of-band channel.
23. The controller of claim 19, wherein the management engine key creation algorithm comprises a management engine cryptographic hash function, wherein the user key is input into the hash function and the management engine key is the resulting output of the hash function.
24. The controller of claim 19, further comprising: memory storage locations to store at least the user key, the management engine key, and the server key.
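The three-party exchange of claims 1, 7 and 13 (user application, management engine, remote server), modelled as an added example that is not the patent's own code: key creation is a hash of the parent key as in claims 5 and 12, the super key is the hash combination of all three keys checked against a provisioned master value as in claim 2, and the key encryption/decryption algorithms the claims leave unspecified are stood in for by a hash-derived keystream XOR over constructed pre-shared transport keys (an assumption for illustration only).

```python
import hashlib
import hmac
import os

def derive_key(parent: bytes, label: bytes) -> bytes:
    """Key creation algorithm: a cryptographic hash of the parent key (claims 5, 12)."""
    return hashlib.sha256(label + parent).digest()

def super_key(user_key: bytes, me_key: bytes, server_key: bytes) -> bytes:
    """Hash combination of the user, management engine and server keys (claim 1)."""
    return hashlib.sha256(user_key + me_key + server_key).digest()

def seal(transport_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for the unspecified key encryption/decryption algorithms (assumption):
    # XOR with a hash-derived keystream; XOR is its own inverse, so decrypting is seal() too.
    stream = hashlib.sha256(transport_key + nonce).digest()
    return bytes(p ^ s for p, s in zip(data, stream))

class RemoteServer:
    def __init__(self, transport_key: bytes):
        self.tk = transport_key
    def handle(self, nonce: bytes, enc_me_key: bytes) -> bytes:
        me_key = seal(self.tk, nonce, enc_me_key)          # decrypt the ME key (claim 7)
        server_key = derive_key(me_key, b"server")         # server key creation (claim 12)
        return seal(self.tk, nonce + b"s", server_key)     # encrypted server key back to ME

class ManagementEngine:
    def __init__(self, user_tk: bytes, server_tk: bytes, super_key_master: bytes):
        self.user_tk, self.server_tk = user_tk, server_tk
        self.master = super_key_master                     # super key master value (claim 2)
        self.key_storage = {}                              # key storage memory (claims 6, 18)
    def certify(self, nonce: bytes, enc_user_key: bytes, server: RemoteServer) -> bool:
        user_key = seal(self.user_tk, nonce, enc_user_key)
        me_key = derive_key(user_key, b"me")
        enc_server_key = server.handle(nonce, seal(self.server_tk, nonce, me_key))
        server_key = seal(self.server_tk, nonce + b"s", enc_server_key)
        self.key_storage.update(user=user_key, me=me_key, server=server_key)
        # Authentication: constant-time compare of the hash combination with the master.
        return hmac.compare_digest(super_key(user_key, me_key, server_key), self.master)

def run_exchange(presented_user_key: bytes, provisioned_user_key: bytes) -> bool:
    """Provision a master value for the legitimate user key, then run one exchange."""
    user_tk, server_tk = b"U" * 32, b"S" * 32            # constructed pre-shared transport keys
    me_exp = derive_key(provisioned_user_key, b"me")
    master = super_key(provisioned_user_key, me_exp, derive_key(me_exp, b"server"))
    engine = ManagementEngine(user_tk, server_tk, master)
    nonce = os.urandom(16)
    enc_user_key = seal(user_tk, nonce, presented_user_key)
    return engine.certify(nonce, enc_user_key, RemoteServer(server_tk))  # True => certification sent
```

A certification is returned only when all three keys in key storage memory chain back to the provisioned user key; a wrong user key changes every downstream key and the super key comparison fails.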
August 27, 2013